From mboxrd@z Thu Jan  1 00:00:00 1970
From: Eric Paris <eparis@redhat.com>
Subject: Re: [PATCH 1/7] audit: implement generic feature setting and
	retrieving
Date: Sat, 02 Nov 2013 10:44:02 -0400
Message-ID: <1383403442.2938.0.camel@localhost>
References: <1369411910-13777-1-git-send-email-eparis@redhat.com>
	<20131102072627.GC3405@madcap2.tricolour.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
In-Reply-To: <20131102072627.GC3405@madcap2.tricolour.ca>
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Richard Guy Briggs <rgb@redhat.com>
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On Sat, 2013-11-02 at 03:26 -0400, Richard Guy Briggs wrote:
> On Fri, May 24, 2013 at 12:11:44PM -0400, Eric Paris wrote:
> > The audit_status structure was not designed with extensibility in mind.
> > Define a new AUDIT_SET_FEATURE message type which takes a new structure
> > of bits where things can be enabled/disabled/locked one at a time.  This
> > structure should be able to grow in the future while maintaining forward
> > and backward compatibility (based loosly on the ideas from capabilities
> > and prctl)
> > 
> > This does not actually add any features, but is just infrastructure to
> > allow new on/off types of audit system features.
> 
> However, it does surprisingly disable one!
> 
> > diff --git a/kernel/audit.c b/kernel/audit.c
> > index f2f4666..3acbbc8 100644
> > --- a/kernel/audit.c
> > +++ b/kernel/audit.c
> > @@ -699,7 +798,16 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
> >  		if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT)
> >  			err = audit_set_backlog_limit(status_get->backlog_limit);
> >  		break;
> > -	case AUDIT_USER:
> > +	case AUDIT_GET_FEATURE:
> > +		err = audit_get_feature(skb);
> > +		if (err)
> > +			return err;
> > +		break;
> > +	case AUDIT_SET_FEATURE:
> > +		err = audit_set_feature(skb);
> > +		if (err)
> > +			return err;
> > +		break;
> >  	case AUDIT_FIRST_USER_MSG ... AUDIT_LAST_USER_MSG:
> >  	case AUDIT_FIRST_USER_MSG2 ... AUDIT_LAST_USER_MSG2:
> >  		if (!audit_enabled && msg_type != AUDIT_USER_AVC)
> 
> Can I assume that the removal of the AUDIT_USER case line was
> accidental?  It has broken USER type AUDIT messages.

Wow, Bad Eric.  Bad.  Please fix!